|Steve Springett fa1d9d1de1||2 years ago|
|README.md||2 years ago|
WebAssembly increases the attack surface of any browser that supports it. In security engineering, countermeasures are typically employed to reduce risk to potential threats. Here are a few concerning aspects of WebAssembly:
Based on the above facts, here are some potential threats in using browsers that support WebAssembly:
Unknown. I do not use Windows so if someone knows the answer to this, please submit a pull request.
Chrome must be launched with the following command-line argument:
--js-flags=--noexpose_wasm. On Windows and Linux/Unix, simply appending the argument after the chrome executable is all that's required. For example:
On macOS, the syntax is a bit different.
open /Applications/Google\ Chrome.app --args --js-flags=--noexpose_wasm
On Windows, modifying the registry may also be beneficial in order to maintain state between Chrome auto-updates.
HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command HKEY_CLASSES_ROOT\http\shell\open\command HKEY_CLASSES_ROOT\https\shell\open\command
Uncheck the write permission on these keys so that the changes persist on next auto-update of Chrome. Thanks to @tophf for providing information about the flag and registry settings.
The Brave browser (Laptop edition) is based on Chromium and the same command-line argument works on Brave as well.
Safari does not have advanced about:config functionality and the Developer mode does not have an option to disable WASM. If someone knows how to disable in Safari, please submit a pull request.